The use of wireless networking continues to grow at a rapid pace. Wireless networks are attractive for a number of reasons. They are convenient, they allow flexibility and roaming, and can support dynamic environments. Furthermore, they are relatively easy to install when compared with their wired counterparts. In some cases, for example in older buildings, they may be cheaper to deploy. An entire network can be put together in a matter of hours rather than days with no need for wiring or rewiring. In many scenarios, wireless networks can have a lower cost of ownership than their wired counterparts despite the cheaper cost of wired LAN cards.
A further trend in computing has been an increased use of security mechanisms to prevent unauthorized or malicious use of personal and corporate computer resources. For example, many companies and individuals have installed “firewalls” to protect systems inside the firewall from unauthorized access. As is known in the art, firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet typically pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
While firewalls are useful tools to increase network security, they pose problems for wireless users outside of the firewall that have legitimate needs to access systems inside the firewall. Security schemes implemented by firewalls often use IP addresses and depend on IPSec to aid in determining if a network data packet should be allowed through the firewall. Unfortunately, in the case of wireless systems, a mobile node's IP address may change frequently as the user roams from one wireless network to another. As a result, the security mechanism, e.g. IPSec, must be re-established every time the user roams into a new network. The re-establishment of security mechanisms to a new network connection can be costly, both in terms of CPU cycles and in the elapsed time the user has to wait for a new secure connection to be established.
In view of the above problems, there is a need in the art for the present invention.